diff --git a/Controller/Webhook/Index.php b/Controller/Webhook/Index.php index 2613d01b3..d60aa72e8 100755 --- a/Controller/Webhook/Index.php +++ b/Controller/Webhook/Index.php @@ -380,7 +380,8 @@ private function isDuplicate(array $response) */ private function fixCgiHttpAuthentication() { - if ($this->request->getServer('PHP_AUTH_USER') && $this->request->getServer('PHP_AUTH_PW')) { + if (!empty($this->request->getServer('PHP_AUTH_USER')) && + !empty($this->request->getServer('PHP_AUTH_PW'))) { return; } @@ -393,16 +394,10 @@ private function fixCgiHttpAuthentication() ]; foreach ($authorizationHeaders as $header) { - $authHeader = $this->request->getServer($header); - - if ($authHeader) { - list( - $phpAuthUser, $phpAuthPw - ) = explode(':', base64_decode(substr($authHeader, 6)), 2); - - $params = $this->request->getServer(); - $params->set('PHP_AUTH_USER', $phpAuthUser); - $params->set('PHP_AUTH_PW', $phpAuthPw); + $authValue = $this->request->getServer($header); + if (!empty($authValue)) { + list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = + explode(':', base64_decode(substr((string) $authValue, 6)), 2); return; } } diff --git a/Test/Unit/Controller/Webhook/IndexTest.php b/Test/Unit/Controller/Webhook/IndexTest.php index dff25c935..dc221b002 100644 --- a/Test/Unit/Controller/Webhook/IndexTest.php +++ b/Test/Unit/Controller/Webhook/IndexTest.php @@ -159,38 +159,37 @@ public function testLoadNotificationFromRequest() ); } - public function testFixCgiHttpAuthenticationWithExistingAuthUser() + public function fixCgiHttpAuthenticationDataProvider() { - // Mock the scenario where PHP_AUTH_USER and PHP_AUTH_PW are set - $this->httpMock->method('getServer') - ->will($this->returnCallback(function ($header) { - if ($header === 'PHP_AUTH_USER') { - return 'user'; - } elseif ($header === 'PHP_AUTH_PW') { - return 'password'; - } - return null; // Return null for all other headers - })); - - // Call the private method - $this->invokeMethod($this->indexController, 'fixCgiHttpAuthentication'); - - // No assertion needed, just ensuring no exception is thrown - $this->assertTrue(true); + return [ + 'valid_auth_header' => [ + 'PHP_AUTH_VALUE' => base64_encode('user:password'), // Encoded base64 value + 'expectedUser' => 'user', + 'expectedPassword' => 'password' + ], + 'no_auth_header' => [ + null, // No authorization header + null, // Expected user + null // Expected password + ] + ]; } - public function testFixCgiHttpAuthenticationWithNoAuthHeaders() + + /** + * @dataProvider fixCgiHttpAuthenticationDataProvider + */ + public function testFixCgiHttpAuthentication($phpAuthHeader, $expectedUser, $expectedPassword) { - // Mock all relevant server variables to return null + // Mock the getServer method to return the provided PHP_AUTH value $this->httpMock->method('getServer') - ->will($this->returnValue(null)); // All headers return null + ->willReturn($phpAuthHeader); - // Call the private method + // Call the method you want to test $this->invokeMethod($this->indexController, 'fixCgiHttpAuthentication'); - // No assertion needed, just ensuring no exception is thrown - $this->assertTrue(true); + // Assert the values are set in the $_SERVER global + $this->assertEquals($expectedUser, $_SERVER['PHP_AUTH_USER']); + $this->assertEquals($expectedPassword, $_SERVER['PHP_AUTH_PW']); } - - } \ No newline at end of file